Since its announcement during the King’s Speech on 17 July 2024, there has been much anticipation over the contents of the Cyber Security and Resilience Bill (“CS&R Bill“) and in particular the extent to which it will bring the UK into alignment with its European counterpart, the NIS2 directive. Currently, cyber regulation in
Continue Reading UK: Will UK cyber reforms keep step with NIS2?
In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and hardware, for the purpose of identifying the device) for organisations using its advertising products, effective from 16 February 2025 (see an overview of
Continue Reading UK: Google’s U-Turn on Device Fingerprinting: ICO’s Response and Subsequent Guidance
On 14 January 2025, the UK Home Office published a consultation paper focusing on legislative proposals to reduce payments to cyber criminals and increasing incident reporting.
The proposals set out in the consultation paper aim to protect UK businesses, citizens, and critical infrastructure from the growing threat of ransomware, by reducing the financial incentives for
Continue Reading UK: Consultation on Ransomware payments
Déjà vu in the world of UK data law: the Labour government has proposed reforms to data protection and e-privacy laws through the new Data (Use and Access) Bill (“DUAB“). The DUAB follows the previous government’s unsuccessful attempts to reform these laws post-Brexit, which led to the abandonment of the Data Protection
Continue Reading UK: Data (Use and Access) Bill: newcomer or a familiar face?
Planning and developing an effective communications strategy is a critical step in preparing for a cyber security incident. Last week, the UK’s National Cyber Security Centre published guidance on communicating with stakeholders before, during and after a cyber security incident. The guidance is published with organisations of all sizes in mind, and sets out three
Continue Reading UK: NCSC issue guidance on how to communicate effectively in a cyber incident
In the much anticipated first King’s Speech of the new Labour Government on 17 July 2024, the monarch announced that the long anticipated Cybersecurity and Resilience Bill (CS&R Bill) would be amongst those new laws making their way onto Parliament’s schedule for the next year. Six years on from the implementation of the
Continue Reading UK: The UK Cybersecurity and Resilience Bill – a different approach to NIS2 or a British sister act?On 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising cookies without their consent.
Between 10 January and 3 March 2023, SkyBet’s website dropped third-party AdTech cookies to visitors’ browsers before
Continue Reading UK: Data protection authority issues reprimand to gambling operator for unlawfully processing personal dataDisclaimer: This article first appeared in the June 2024 issue of PLC Magazine, and is available at http://uk.practicallaw.com/resources/uk-publications/plc-magazine.
In order to capture the benefits of data-driven innovation, the EU and the UK are taking action to facilitate data sharing across various industries.
In the EU, the European Commission is investing €2
Continue Reading EU/UK: Data-Sharing Frameworks – A State of Play in the EU and the UK
On Monday 29 April, new cyber security requirements entered into force in the United Kingdom. They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.
Background
The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the
Continue Reading UK: New cyber security requirements for consumer products
